Inactive Bad Image Error

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Colette on Thu 12/11/2014 at 16:24:59.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Colette\AppData\Roaming\mozilla\firefox\profiles\u4996rys.default\prefs.js

user_pref("valueApps.autoDisableScopes", 0);
user_pref("valueApps.storage.mam_gk_currentVersion", "312E31332E302E3137");
user_pref("valueApps.storage.mam_gk_userId", "34363037316338612D356462302D346463622D613436372D656639396631356662343962");
Emptied folder: C:\Users\Colette\AppData\Roaming\mozilla\firefox\profiles\u4996rys.default\minidumps [366 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/11/2014 at 16:29:05.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by Colette (administrator) on COLETTE-PC on 11-12-2014 16:31:00
Running from C:\Users\Colette\Downloads
Loaded Profile: Colette (Available profiles: Colette)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Colette\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
() C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
(Akamai Technologies, Inc.) C:\Users\Colette\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Thisisu) C:\Users\Colette\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [251392 2010-05-05] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Colette\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2291535583-3327991140-731123306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2291535583-3327991140-731123306-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2291535583-3327991140-731123306-1000 -> {80B22FBC-5A92-4794-82F0-C597880033F8} URL = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: @nsroblox.roblox.com/launcher -> C:\Users\Colette\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Colette\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Colette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2291535583-3327991140-731123306-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: LastPass - C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\Extensions\support@lastpass.com [2014-08-19]
FF Extension: Adblock Plus - C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-07]
FF Extension: No Name - C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [Not Found]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MapsGalaxy Installer Plugin Stub) - C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Colette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Colette\AppData\Local\Roblox\Versions\version-e51d9fbd5a3e49c4\\NPRobloxProxy.dll No File
CHR Plugin: (SOE Web Installer) - C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23]
CHR Extension: (Google Search) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23]
CHR Extension: (Mickey Sketch Theme) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmaadlipkibabccamkbjjaklifnohhp [2013-11-29]
CHR Extension: (AirMech) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn [2013-12-14]
CHR Extension: (Google Wallet) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Users\Colette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-08] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-19] (Microsoft Corporation)
S1 Beep; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-11] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 16:31 - 2014-12-11 16:31 - 00016353 _____ () C:\Users\Colette\Downloads\FRST.txt
2014-12-11 16:30 - 2014-12-11 16:31 - 00000000 ____D () C:\FRST
2014-12-11 16:30 - 2014-12-11 16:30 - 02119680 _____ (Farbar) C:\Users\Colette\Downloads\FRST64.exe
2014-12-11 16:29 - 2014-12-11 16:29 - 00001273 _____ () C:\Users\Colette\Desktop\JRT.txt
2014-12-11 16:24 - 2014-12-11 16:24 - 01707646 _____ (Thisisu) C:\Users\Colette\Downloads\JRT.exe
2014-12-11 16:24 - 2014-12-11 16:24 - 00000000 ____D () C:\Windows\ERUNT
2014-12-11 16:17 - 2014-12-11 16:18 - 00000000 ____D () C:\AdwCleaner
2014-12-11 16:16 - 2014-12-11 16:16 - 02166272 _____ () C:\Users\Colette\Downloads\adwcleaner_4.105.exe
2014-12-11 16:01 - 2014-12-11 16:01 - 00019855 _____ () C:\ComboFix.txt
2014-12-11 15:45 - 2014-12-11 16:01 - 00000000 ____D () C:\Qoobox
2014-12-11 15:45 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 15:45 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 15:45 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 15:45 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 15:44 - 2014-12-11 15:59 - 00000000 ____D () C:\Windows\erdnt
2014-12-11 15:43 - 2014-12-11 15:43 - 05600944 ____R (Swearware) C:\Users\Colette\Downloads\ComboFix.exe
2014-12-11 15:30 - 2014-12-11 15:31 - 224228576 _____ (NVIDIA Corporation) C:\Users\Colette\Downloads\340.52-desktop-win8-win7-winvista-64bit-english-whql(3).exe
2014-12-11 15:25 - 2014-12-11 15:25 - 00872816 _____ (Microsoft Corporation) C:\Users\Colette\Downloads\WindowsXP-KB975337-x86-ENU.exe
2014-12-11 15:25 - 2014-12-11 15:25 - 00000000 ____D () C:\Users\Colette\Downloads\idw
2014-12-11 15:25 - 2014-12-11 15:25 - 00000000 ____D () C:\Users\Colette\Downloads\asms
2014-12-11 14:53 - 2014-12-11 14:53 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Colette\Downloads\mbar-1.08.2.1001(1).exe
2014-12-10 22:51 - 2014-12-11 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-10 22:50 - 2014-12-11 15:17 - 00000000 ____D () C:\Users\Colette\Desktop\mbar
2014-12-10 22:50 - 2014-12-10 22:50 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Colette\Downloads\mbar-1.08.2.1001.exe
2014-12-10 22:48 - 2014-12-10 22:48 - 00000000 ____D () C:\Users\Colette\Desktop\scans
2014-12-10 22:02 - 2014-12-11 15:25 - 00000000 ____D () C:\Users\Colette\AppData\Local\CrashDumps
2014-12-10 21:41 - 2014-12-11 01:31 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-10 21:41 - 2014-12-10 21:41 - 15201368 _____ () C:\Users\Colette\Downloads\RogueKiller.exe
2014-12-10 21:41 - 2014-12-10 21:41 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\oliol.sys
2014-12-10 21:41 - 2014-12-10 21:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-10 20:10 - 2014-12-10 20:10 - 00040371 _____ () C:\Users\Colette\Desktop\attach.txt
2014-12-10 20:10 - 2014-12-10 20:10 - 00017674 _____ () C:\Users\Colette\Desktop\dds.txt
2014-12-10 20:08 - 2014-12-10 20:08 - 00688992 ____R (Swearware) C:\Users\Colette\Downloads\dds.com
2014-12-10 19:50 - 2014-12-10 19:50 - 01111040 _____ (Farbar) C:\Users\Colette\Downloads\FRST.exe
2014-12-10 18:23 - 2014-12-11 14:55 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 18:23 - 2014-12-11 14:55 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-10 18:23 - 2014-12-10 18:23 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 18:23 - 2014-12-10 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-10 18:23 - 2014-12-10 18:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-10 18:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-10 18:22 - 2014-12-10 18:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Colette\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-10 07:09 - 2014-11-03 16:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 07:09 - 2014-11-03 16:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 07:08 - 2014-11-06 17:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 07:08 - 2014-11-06 17:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:06 - 2014-12-02 18:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-10 07:06 - 2014-12-02 17:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-07 14:13 - 2014-12-07 14:17 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Curse Advertising
2014-12-07 14:13 - 2014-12-07 14:13 - 00000000 ____D () C:\Users\Colette\Documents\My Curse
2014-12-07 14:12 - 2014-12-11 16:01 - 00000000 ____D () C:\Users\Colette\AppData\Local\Apps\2.0
2014-12-07 14:12 - 2014-12-10 21:29 - 00000000 ____D () C:\Users\Colette\AppData\Local\Deployment
2014-12-07 14:12 - 2014-12-07 14:12 - 00000318 _____ () C:\Users\Colette\Desktop\Curse Client.appref-ms
2014-12-07 14:12 - 2014-12-07 14:12 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-12-07 14:11 - 2014-12-07 14:11 - 00402696 _____ () C:\Users\Colette\Downloads\setup.exe
2014-12-07 14:11 - 2014-12-07 14:11 - 00176315 _____ () C:\Users\Colette\Downloads\HandyNotes-v1.3.2.zip
2014-12-05 17:20 - 2014-12-04 13:08 - 00013315 _____ () C:\Users\Colette\Desktop\Book1.xlsx
2014-11-29 19:13 - 2014-11-29 19:13 - 00001028 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-11-29 19:13 - 2014-11-29 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-11-29 19:09 - 2014-12-03 20:32 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-11-29 10:02 - 2014-11-29 10:02 - 00323128 _____ () C:\Windows\Minidump\Mini112914-01.dmp
2014-11-19 22:23 - 2014-10-23 17:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 22:23 - 2014-10-23 16:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-16 06:33 - 2014-11-16 06:33 - 00323136 _____ () C:\Windows\Minidump\Mini111614-01.dmp
2014-11-15 00:40 - 2014-11-15 00:40 - 00000000 ____D () C:\Users\Public\Peyonce
2014-11-13 07:46 - 2014-11-13 07:46 - 00001075 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-11-13 07:46 - 2014-11-13 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-11-13 07:44 - 2014-12-07 14:13 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-11-12 14:36 - 2014-10-12 15:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:34 - 2014-08-11 18:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 14:34 - 2014-08-11 18:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 14:33 - 2014-10-17 17:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 14:33 - 2014-10-17 16:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 14:33 - 2014-10-09 17:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:33 - 2014-10-09 17:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:33 - 2014-10-09 17:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:33 - 2014-10-09 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 14:33 - 2014-10-09 17:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 14:33 - 2014-10-09 15:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:33 - 2014-10-09 15:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 14:33 - 2014-10-02 17:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 14:33 - 2014-10-02 17:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 14:33 - 2014-10-02 17:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 14:33 - 2014-10-02 17:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 14:33 - 2014-10-02 17:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 14:33 - 2014-10-02 17:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 14:33 - 2014-10-02 17:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 14:33 - 2014-10-02 15:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-12 14:22 - 2014-10-23 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 14:22 - 2014-10-23 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:22 - 2014-08-26 16:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 14:22 - 2014-08-26 16:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 14:22 - 2014-08-26 16:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:22 - 2014-08-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 15:20 - 2014-10-27 12:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 15:20 - 2014-10-27 12:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 15:20 - 2014-10-27 12:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 15:20 - 2014-10-27 12:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 15:20 - 2014-10-27 12:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 15:20 - 2014-10-27 12:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 15:20 - 2014-10-27 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 15:20 - 2014-10-27 12:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 15:20 - 2014-10-27 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 15:20 - 2014-10-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 15:20 - 2014-10-27 12:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 15:20 - 2014-10-27 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 15:20 - 2014-10-27 11:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 15:20 - 2014-10-27 11:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 15:20 - 2014-10-27 10:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 15:20 - 2014-10-27 10:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 15:20 - 2014-10-27 10:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 15:20 - 2014-10-27 10:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 15:20 - 2014-10-27 10:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 15:20 - 2014-10-27 10:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 15:20 - 2014-10-27 10:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 15:20 - 2014-10-27 10:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 15:20 - 2014-10-27 10:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 15:20 - 2014-10-27 10:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 15:20 - 2014-10-27 10:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 15:20 - 2014-10-27 10:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 15:20 - 2014-10-27 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 15:20 - 2014-10-27 10:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 15:20 - 2014-10-27 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 15:20 - 2014-10-27 10:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 15:19 - 2014-10-27 12:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 15:19 - 2014-10-27 12:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 15:19 - 2014-10-27 12:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 15:19 - 2014-10-27 12:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 15:19 - 2014-10-27 12:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 15:19 - 2014-10-27 11:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 15:19 - 2014-10-27 10:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 15:19 - 2014-10-27 10:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 16:28 - 2006-11-02 04:46 - 00777268 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 16:25 - 2006-11-02 07:27 - 01807478 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 16:21 - 2013-09-23 19:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 16:21 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 16:21 - 2006-11-02 07:22 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-11 16:21 - 2006-11-02 07:22 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-11 16:20 - 2012-12-28 08:55 - 00211618 _____ () C:\Windows\PFRO.log
2014-12-11 16:19 - 2006-11-02 07:42 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-11 16:01 - 2006-11-02 05:33 - 00000000 __RHD () C:\Users\Default
2014-12-11 15:58 - 2006-11-02 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-11 15:48 - 2013-09-23 19:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 15:37 - 2012-12-31 11:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 21:41 - 2006-11-02 07:07 - 00000000 ____D () C:\Windows\Performance
2014-12-10 20:30 - 2013-12-25 18:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-10 18:23 - 2013-12-12 07:17 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Malwarebytes
2014-12-10 18:23 - 2013-12-12 07:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-10 18:18 - 2013-01-08 12:38 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-10 18:04 - 2013-12-25 18:45 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-10 11:51 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache
2014-12-10 07:14 - 2013-08-01 17:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 07:09 - 2006-11-02 04:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-10 07:05 - 2014-04-27 11:37 - 00000000 ___RD () C:\Users\Colette\Dropbox
2014-12-10 06:19 - 2014-04-27 11:35 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Dropbox
2014-12-10 06:15 - 2014-01-23 19:20 - 348143159 _____ () C:\Windows\MEMORY.DMP
2014-12-09 18:37 - 2012-12-31 11:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 18:37 - 2012-12-31 11:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 18:37 - 2012-12-31 11:06 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 18:11 - 2014-06-29 07:57 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\TS3Client
2014-12-07 21:11 - 2013-11-07 12:17 - 00000000 ____D () C:\Users\Colette\AppData\Local\Battle.net
2014-12-07 14:14 - 2012-12-28 12:40 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\.minecraft
2014-12-05 23:25 - 2014-03-11 14:30 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-05 23:11 - 2013-01-23 17:15 - 00000000 ____D () C:\Users\Colette\Documents\Noah school
2014-12-04 15:27 - 2014-06-29 07:57 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-12-03 20:29 - 2013-11-11 16:59 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-12-03 20:25 - 2013-11-07 12:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-29 19:50 - 2014-04-10 07:55 - 00000000 ____D () C:\Users\Colette\Documents\Heroes of the Storm
2014-11-29 10:02 - 2013-08-12 10:18 - 00000000 ____D () C:\Windows\Minidump
2014-11-28 12:18 - 2014-01-23 12:40 - 00000000 ___RD () C:\Users\Colette\Desktop\Video Games
2014-11-22 12:25 - 2013-01-19 22:26 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-11-21 06:14 - 2013-12-12 07:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-15 09:02 - 2014-04-27 11:37 - 00000965 _____ () C:\Users\Colette\Desktop\Dropbox.lnk
2014-11-15 09:02 - 2014-04-27 11:36 - 00000000 ____D () C:\Users\Colette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 11:43 - 2013-09-23 19:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 11:43 - 2013-09-23 19:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 06:27 - 2013-12-14 18:03 - 00000000 ____D () C:\Users\Colette\AppData\Local\Akamai
2014-11-12 14:48 - 2006-11-02 07:21 - 02185816 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Colette\AppData\Local\temp\Quarantine.exe
C:\Users\Colette\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-11 16:26

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03
Ran by Colette at 2014-12-11 16:32:00
Running from C:\Users\Colette\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Web Premium (HKLM-x32\...\Adobe_247961ef275e20c5cb073c36394ac32) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AirMech (HKLM-x32\...\Steam App 206500) (Version: - Carbon Games)
Akamai NetSession Interface (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - PopCap Games)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Clone Wars (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\SOE-Clone Wars) (Version: - Sony Online Entertainment)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Dropbox (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DVDFab 9.0.7.2 (18/10/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Free Realms (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\SOE-Free Realms) (Version: - Sony Online Entertainment)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Landmark Beta (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 27.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.3.30451 - Grinding Gear Games)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version: - Vitali Kirpu)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.00 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.250.908.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
ROBLOX Player for Colette (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Colette (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1500}) (Version: 12.21.0.114 - APN, LLC) <==== ATTENTION
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.49 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.)
Unity Web Player (HKU\S-1-5-21-2291535583-3327991140-731123306-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Colette\AppData\Local\Roblox\Versions\version-0aae98b55b324621\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{e22633f7-a142-4af1-af6b-af24cbafbef7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2291535583-3327991140-731123306-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Colette\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-12-2014 03:36:08 7
11-12-2014 11:00:31 Windows Update
11-12-2014 22:52:48 1

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:34 - 2014-12-11 15:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D5C7935-7454-4B40-805D-927DFB39C594} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {3723AA85-CDA1-4B1E-8ADB-175FAC0BEB16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {3D31444B-FDE5-4244-892D-61C27F6C732B} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {42238E77-5918-4054-A923-84A8878722EF} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {50AF85FC-4268-44B4-B763-5AC375C7108C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-23] (Google Inc.)
Task: {F369F8D5-AEDF-444E-9B15-6A5811CA62B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-26 19:13 - 2010-05-05 16:56 - 00251392 _____ () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
2012-12-26 19:13 - 2010-04-27 14:41 - 00218112 _____ () C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-06 18:28 - 2014-02-06 18:28 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-18 16:06 - 2014-08-18 16:06 - 01020928 _____ () C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2014-12-09 18:37 - 2014-12-09 18:37 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2291535583-3327991140-731123306-500 - Administrator - Disabled)
Colette (S-1-5-21-2291535583-3327991140-731123306-1000 - Administrator - Enabled) => C:\Users\Colette
Guest (S-1-5-21-2291535583-3327991140-731123306-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-11 16:31:40.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 16:31:40.778
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 16:31:40.638
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 16:31:40.498
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 16:31:40.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 16:31:40.053
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 16:31:39.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 16:31:39.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 15:57:55.098
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-11 15:57:54.958
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 48%
Total physical RAM: 4093.58 MB
Available physical RAM: 2087.95 MB
Total Pagefile: 8412.45 MB
Available Pagefile: 6294.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 55F0568F)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
redtarget.gif
Uninstall Search App by Ask.

redtarget.gif

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    1.2 KB · Views: 2
The reason I didnt start it a while ago is because there is 2 computer updates and is taking a very long time and im responding to you from another computer. The update is 1 of 2 right now and is been going for about 20 or so mins. I cant move my mouse at all and seems to be frozen but it does show the periods after the 2 moving to the right so my screen is frozen. Do I just keep going with the update or restart my computer?
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2014 03
Ran by Colette at 2014-12-11 17:45:12 Run:1
Running from C:\Users\Colette\Desktop
Loaded Profile: Colette (Available profiles: Colette)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2291535583-3327991140-731123306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [Not Found]
S1 Beep; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Colette\AppData\Local\temp\Quarantine.exe
C:\Users\Colette\AppData\Local\temp\sqlite3.dll
Task: {3D31444B-FDE5-4244-892D-61C27F6C732B} - \YourFile DownloaderUpdate No Task File <==== ATTENTION

*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2291535583-3327991140-731123306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Colette\AppData\Roaming\Mozilla\Firefox\Profiles\u4996rys.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} not found.
Beep => Service deleted successfully.
blbdrive => Service deleted successfully.
catchme => Service deleted successfully.
DIRECTIO => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\Colette\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\Colette\AppData\Local\temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D31444B-FDE5-4244-892D-61C27F6C732B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D31444B-FDE5-4244-892D-61C27F6C732B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => Key deleted successfully.

==== End of Fixlog ====
 
I am still getting the same error when I open programs it says,
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll is either not designed to run on Windows or it contains and error. Try installing the program again using the original installation media or contact your system administrator or the software vendore for support.

With the title of LoLLauncher.exe - Bad Image
Then it tells me,
Riot client patcher has stopped working
Windows is collecting more information about the problem. This might take several minutes...

Then another window pops up saying,

Do you want to send more information about the problem?
Additional details about what went wrong can help microsoft create a solution.

There is a button to show details and it says
FIles that help describe the problem:
C:\Users\Colette\AppData\Local\temp\WER80E2.tmp.version.txt
C:\Users\Colette\AppData\Local\temp\WER8F06.tmp.appcompat.txt
C:\Users\Colette\AppData\Local\temp\WER8FA3.tmp.mdmp
Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

It also gives me the option to cancel or to send the information.
Dont know if this helps or not but hope it does.
 
LoLLauncher.exe belongs to one of your programs - League of Legends
I know nothing about games.
All I can suggest is to reinstall the game or create new topic in appropriate forum.

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.93
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox 27.0 Firefox out of Date!
Google Chrome 32.0.1700.102 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 21-07-2014
Ran by Colette (administrator) on 11-12-2014 at 18:14:06
Running from "C:\Users\Colette\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
So I am considering just re-installing windows 7 because I am starting to think it may not be a malware issue unless you think something else?
 
So in reading past "Bad image errors" its says that renaming gdiplus.dll to gdiplus.old worked for someone previously but dosent really make sense to me, could this be a lead of some sort?
 
Looking at my update history I have failed the same update multiple times
Definition update for Microsoft security essentials - KB2310138 (definition 1.189.877.0) failed an exact of 100 or so of those failed dating all the way back from now to 3/5/13 and counted only 1 that was successful on that day and then all the rest failed. I have no clue if that has anything to do with my problem but it seems pretty shady to me.
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
Code:
:filefind
gdiplus.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Back